You have employees. They bring smartphones to work. All is fine, right? Wrong.
First of all, the second an employee brings a personal mobile device to work, you can bet on a fusion of personal and business affairs occurring. This was evident when 2,000 office workers were surveyed as to:
- How many downloaded personal apps to tablets issued by their employer: 73 percent
- How many did this with smartphones their company issued: 62 percent
- How many did it with company-issued notebooks: 45 percent
- The age group most guilty of this: 25 to 38 years old
- The number who used their smartphones and other mobile units to conduct company business: over 50 percent
That last percentage was slightly better news. But it hardly canceled out the aforementioned misuse, which may result in who-knows-how-much company business leaking outside the building to who knows where. That "50 percent" also raises the question: Have you, a decision-maker at your company, devised any plans to prevent or minimize how much company data leaves your building, in the form of storage inside your employees’ smartphones and other mobile devices?
The solutions may lie in the strategies that company decision-makers and IT managers can draw on to control data leakage. These strategies fall under something called enterprise mobile management. But cooperation is required from both parties: the company and the employees.
As a decision-maker, then, you'd be smart to think: “We’ll just never know, will we, where an employee’s smartphone ends up on the weekends -- a device loaded with our most sensitive data!”
Solutions for businesses
Business owners and other company decision-makers should regard the personal smartphone as a potential company diary. You don’t want this diary going all over the place after hours. You don’t want it easily opened for all to see what’s written on the pages.
So, try consider these strategies:
1. Teach employees about phishing scams.
Phishing maneuvers are a leading way that cybercriminals steal data. Research shows how easy it is to get employees to fall for these scams: The worker receives an email that has an urgency to it (e.g., subject line: "Get back to me asap"). Inside the mail is a link that the sender urges the recipient to click on. The link takes the user to a fake website that lures him or her into revealing sensitive company information.
2. Inform employees that the sender may pose as the company's bank or as someone from the board of directors.
Even after being taught about phishing, employees may still be suckered into clicking on a link inside an email -- as staged phishing attacks have shown. To make things simple and to avoid confusion, simply demand that employees not click on any links inside emails. No exceptions. Tell them that nobody will be penalized for not clicking on a link inside an email.
3. Employees should be suspicious of free download offers.
Clicking on these could activate a computer virus.
4. Employees should buy applications from a trusted app store rather than from third-party sources.
It's hard to know what those third parties' true motivations are.
5. Employees should be sure to protect all their devices with passwords.
If an employee leaves a device unattended, or it’s lost, could the finders get into any documents, or have to type in a password (which they don’t know, of course)?
6. All devices used for business should have a "wipe" function.
The more employees you have, the harder it will be to get every single one to password-protect his or her devices. Another layer of protection, then, is to require a “wipe” function. If the device is lost or stolen, all the data on it can be eradicated -- remotely.
7. All devices used for business should erase their data automatically after a set number of password attempts.
This will discourage hackers.
8. All devices, especially Androids, should be required to have anti-virus software.
This protects the device from malware that comes with an app that’s downloaded.
9. Employees should never “jailbreak” or “root” a mobile device.
Malware can infiltrate if the walled garden of the device is broken down because the user has manipulated the device's factory-installed operating system.
10. Employees should activate their update alerts immediately rather than opt for "remind me later."
These updates patch up security holes so that evolving cyber-pathogens do not gain entry.
11. Employees should be made aware that Wi-Fi in public is not secure.
Even though connections to public Wi-Fi will say they're not secure, not all users notice this alert; and some may not even know what it means. Instead, using a virtual private network (VPN) will significantly boost security for your company’s sensitive data. A VPN service, such as Hotspot Shield VPN, encrypts all cyberspace transmissions, scrambling them so that hackers can’t make sense of them.
Certainly it's true that employees themselves may be crooks working from the inside to commit cybercrime. But a significant volume of data leakage still stems from simple carelessness by employees -- and a lack of information and knowledge about security. What have you done about this threat at your own company?